http://bugs.skolelinux.org/show_bug.cgi?id=1383
Summary: usernames are caseinsensitive during login
Product: Skolelinux
Version: lenny-test
Platform: All
OS/Version: Linux
Status: NEW
Severity: critical
Priority: P1
Component: debian-edu-config
AssignedTo: [email protected]
ReportedBy: [email protected]
usernames are case insesitive during login.
i have tested with thinclient, and NX and danielsan have tested on a
workstation
the username RoNnY can login just as well as the correct username ronny
when you login with a different username you loose your group meneberships.
it's like a separate account with the same homedir.
This can allow the user to circumvent group based restrictions and loose access
rights for group based file rights.
set to p1 for it's security implications.
http://honk.sigxcpu.org/projects.html#pam-naming might be used to fx: enforce
lowercase usernames.
kind regards
Ronny Aasen
--
Configure bugmail: http://bugs.skolelinux.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are watching all bug changes.
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
